The present disclosure relates to identifying an appropriate document control policy for a given document.
Document control policies include both document access policies and document retention policies. A document security policy is a common example of a document access policy. A document security policy is an instance within a framework of rules within which an organization establishes needed levels of document information security to achieve specific desired confidentiality and privacy goals. A policy is a statement of rights and privileges as applied to document content, and any other constraints that may be assigned and applied to a document. A document security policy is typically described and/or implemented by a DRM (Digital Rights Management) system.
A document retention policy is an instance within a formalized policy of an organization for the preservation of data, especially electronic documents. Related to this is a document data destruction policy, which is an instance within a formalized policy of an organization for the destruction/expiration of data, especially electronic documents. A document data destruction policy is a type of document retention policy. Document retention policies are typically implemented by a records archive system.
When a document is created, a user typically either manually enforces document retention and security policies, or a DRM system is used (where manual intervention for new unknown documents is often required). Another approach relies on an Information Technology Workflow/Content Management System (ITW/CMS) to help select, assign and enforce appropriate policies. Such workflows and systems are often highly customized, developed specifically for the particular business practices of a company, and employ a classification system that tightly integrates security and retention policies with pre-defined document categories.